2020-01-13 21:34:49 |
Tyler Hicks |
bug |
|
|
added bug |
2020-01-13 21:39:41 |
Tyler Hicks |
description |
Quan Luo and ycq from Codesafe Team of Legendsec at Qi'anxin Group reported a use-after-free issue in the i915 driver. This issue has been fixed in the upstream kernel starting in v5.2 with the following commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7dc40713618c884bf07c030d1ab1f47a9dc1f310
The flaw was introduced in v4.14 with this change:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1acfc104cdf8a3408f0e83b4115d4419c6315005
The problem can be fixed by expanding the usage of struct_mutex to include the GEM context lookup. |
[Impact]
Quan Luo and ycq from Codesafe Team of Legendsec at Qi'anxin Group reported a use-after-free issue in the i915 driver. This issue has been fixed in the upstream kernel starting in v5.2 with the following commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7dc40713618c884bf07c030d1ab1f47a9dc1f310
The flaw was introduced in v4.14 with this change:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1acfc104cdf8a3408f0e83b4115d4419c6315005
The problem can be fixed by expanding the usage of struct_mutex to include the GEM context lookup.
[Test Case]
Enable KASAN and exercise the affected code path using the PoC provided by Quan Luo.
[Regression Potential]
Low. This approach was suggested by upstream and has been well tested. |
|
2020-01-13 21:39:58 |
Tyler Hicks |
nominated for series |
|
Ubuntu Disco |
|
2020-01-13 21:39:58 |
Tyler Hicks |
bug task added |
|
linux (Ubuntu Disco) |
|
2020-01-13 21:39:58 |
Tyler Hicks |
nominated for series |
|
Ubuntu Bionic |
|
2020-01-13 21:39:58 |
Tyler Hicks |
bug task added |
|
linux (Ubuntu Bionic) |
|
2020-01-13 21:40:29 |
Tyler Hicks |
linux (Ubuntu): status |
In Progress |
Fix Released |
|
2020-01-13 21:40:36 |
Tyler Hicks |
linux (Ubuntu Bionic): status |
New |
In Progress |
|
2020-01-13 21:40:39 |
Tyler Hicks |
linux (Ubuntu Disco): status |
New |
In Progress |
|
2020-01-13 21:40:41 |
Tyler Hicks |
linux (Ubuntu Bionic): importance |
Undecided |
High |
|
2020-01-13 21:40:42 |
Tyler Hicks |
linux (Ubuntu Disco): importance |
Undecided |
High |
|
2020-01-13 21:40:44 |
Tyler Hicks |
linux (Ubuntu Bionic): assignee |
|
Tyler Hicks (tyhicks) |
|
2020-01-13 21:40:46 |
Tyler Hicks |
linux (Ubuntu Disco): assignee |
|
Tyler Hicks (tyhicks) |
|
2020-01-14 18:41:52 |
Tyler Hicks |
information type |
Private Security |
Public Security |
|
2020-01-14 18:42:39 |
Tyler Hicks |
description |
[Impact]
Quan Luo and ycq from Codesafe Team of Legendsec at Qi'anxin Group reported a use-after-free issue in the i915 driver. This issue has been fixed in the upstream kernel starting in v5.2 with the following commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7dc40713618c884bf07c030d1ab1f47a9dc1f310
The flaw was introduced in v4.14 with this change:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1acfc104cdf8a3408f0e83b4115d4419c6315005
The problem can be fixed by expanding the usage of struct_mutex to include the GEM context lookup.
[Test Case]
Enable KASAN and exercise the affected code path using the PoC provided by Quan Luo.
[Regression Potential]
Low. This approach was suggested by upstream and has been well tested. |
[Impact]
Quan Luo and ycq from Codesafe Team of Legendsec at Qi'anxin Group reported a use-after-free issue in the i915 driver. This issue has been fixed in the upstream kernel starting in v5.2 with the following commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7dc40713618c884bf07c030d1ab1f47a9dc1f310
The flaw was introduced in v4.14 with this change:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1acfc104cdf8a3408f0e83b4115d4419c6315005
The problem can be fixed by expanding the usage of struct_mutex to include the GEM context lookup. A fix has been submitted to the upstream stable list:
https://lore.kernel.org/stable/20200114183937.12224-1-tyhicks@canonical.com/T/#u
[Test Case]
Enable KASAN and exercise the affected code path using the PoC provided by Quan Luo.
[Regression Potential]
Low. This approach was suggested by upstream and has been well tested. |
|
2020-01-14 20:05:09 |
Tyler Hicks |
cve linked |
|
2020-7053 |
|
2020-01-15 01:07:44 |
Marcelo Cerri |
linux (Ubuntu Bionic): status |
In Progress |
Fix Committed |
|
2020-01-15 02:06:20 |
Marcelo Cerri |
linux (Ubuntu Disco): status |
In Progress |
Fix Committed |
|
2020-01-16 01:08:05 |
Ubuntu Kernel Bot |
tags |
|
verification-needed-bionic |
|
2020-01-16 04:03:48 |
Ubuntu Kernel Bot |
tags |
verification-needed-bionic |
verification-needed-bionic verification-needed-disco |
|
2020-01-27 13:21:23 |
Launchpad Janitor |
linux (Ubuntu Disco): status |
Fix Committed |
Fix Released |
|
2020-01-27 13:21:23 |
Launchpad Janitor |
cve linked |
|
2019-14615 |
|
2020-01-27 13:21:23 |
Launchpad Janitor |
cve linked |
|
2019-18885 |
|
2020-01-27 13:21:23 |
Launchpad Janitor |
cve linked |
|
2019-19050 |
|
2020-01-27 13:21:23 |
Launchpad Janitor |
cve linked |
|
2019-19077 |
|
2020-01-27 13:21:23 |
Launchpad Janitor |
cve linked |
|
2019-19078 |
|
2020-01-27 13:21:23 |
Launchpad Janitor |
cve linked |
|
2019-19082 |
|
2020-01-27 13:21:23 |
Launchpad Janitor |
cve linked |
|
2019-19332 |
|
2020-01-27 18:42:17 |
Launchpad Janitor |
linux (Ubuntu Bionic): status |
Fix Committed |
Fix Released |
|